Earlier today, Oracle released a Java update to address two separate vulnerabilities. Now, Apple has released a patch for OS X 10.7 and later that fixes those issues and disables older versions of the plug-in.
The update brings Java SE 6 to 1.6.0_43 and disables plug-ins on machines that don’t have the latest version of Java. One of the flaws, discovered by researchers and revealed last week, was classified as a ‘zero day’: a previously unknown vulnerability that was already being exploited in the wild, so you should update your machine ASAP.
But the all clear hasn’t been given yet. Even as Oracle shipped its patch earlier today, it was also informed of five new flaws in Java, which it says it is already investigating.
At this point, the safest thing you can do is disable Java entirely on your system unless it’s absolutely necessary. Apple has consistently recommended that people remove the Java plug-in or disable it when not in use, and the US Department of Homeland Security recently recommended that people do the same. This update also follows a patch that fixed a vulnerability used to hack into Apple employees’ systems.
The patch is available via Software Update on your Mac.